TY  - BOOK
AU  - Akula,Madhu
AU  - Mahajan,Akash
AU  - Doran,Samuel P.
TI  - Security Automation with Ansible 2: Automate Security-Related Tasks in a Structured, Modular Fashion Using the Best Open Source Automation Tool Available
SN  - 9781788398725
AV  - TK5105.59 .A385 2017 
U1  - 005.8 
PY  - 2017///
CY  - Birmingham
PB  - Packt Publishing, Limited
KW  - Computer networks-Security measures
KW  - Electronic books
N1  - Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Customer Feedback -- Table of Contents -- Preface -- Chapter 1: Introduction to Ansible Playbooks and Roles -- Ansible terms to keep in mind -- Playbooks -- Ansible modules -- YAML syntax for writing Ansible playbooks -- Ansible roles -- Templates with Jinja2 -- Jinja templating examples -- Conditional example -- Loops example -- LAMP stack playbook example - combining all the concepts -- Summary -- Chapter 2: Ansible Tower, Jenkins, and Other Automation Tools -- Scheduling tools to enable the next abstraction of automation -- Getting up and running -- Setting up Ansible Tower -- Setting up Jenkins -- Setting up Rundeck -- Security automation use cases -- Adding playbooks -- Ansible Tower configuration -- Jenkins Ansible integration configuration -- Rundeck configuration -- Authentication and  data security -- RBAC for Ansible Tower -- TLS/SSL for Ansible Tower -- Encryption and data security for Ansible Tower -- RBAC for Jenkins -- TLS/SSL for Jenkins -- Encryption and data security for Jenkins -- RBAC for Rundeck -- HTTP/TLS for Rundeck -- Encryption and data security for Rundeck -- Output of the playbooks -- Report management for Ansible Tower -- Report management for Jenkins -- Report management for Rundeck -- Scheduling of jobs -- Alerting, notifications, and webhooks -- Summary -- Chapter 3: Setting Up a Hardened WordPress with Encrypted Automated Backups -- CLI for WordPress -- Why Ansible for this setup? -- A complete WordPress installation step-by-step -- Setting up nginx web server -- Setting up prerequisites -- Setting up MySQL database -- Installing PHP for WordPress setup -- Installing WordPress using WP-CLI -- Hardening SSH service -- Hardening a database service -- Hardening nginx -- Hardening WordPress; Hardening a host firewall service -- Setting up automated encrypted backups in AWS S3 -- Executing playbook against an Ubuntu 16.04 server using Ansible Tower -- Secure automated the WordPress updates -- Scheduling via Ansible Tower for daily updates -- Setting up Apache2 web server -- Enabling TLS/SSL with Let's Encrypt -- What if you don't want to roll your own? The Trellis stack -- Why would we use Trellis, and when is it a good idea to use it? -- WordPress on Windows -- How to enable WinRM in Windows -- Running Ansible against a Windows server -- Installing IIS server using playbook -- Summary -- Chapter 4: Log Monitoring and Serverless Automated Defense (Elastic Stack in AWS) -- Introduction to Elastic Stack -- Elasticsearch -- Logstash -- Kibana -- Beats -- Why should we use Elastic Stack for security monitoring and alerting? -- Prerequisites for setting up Elastic Stack -- Setting up the Elastic Stack -- Logstash integrations -- Kibana -- ElastAlert -- Installing Elasticsearch -- Installing Logstash -- Logstash configuration -- Installing Kibana -- Setting up nginx reverse proxy -- Installing Beats to send logs to Elastic Stack -- ElastAlert for alerting -- Configuring the Let's Encrypt service -- ElastAlert rule configuration -- Kibana dashboards -- Automated defense? -- AWS services used in setup -- DynamoDB -- Blacklist lambda function -- HandleExpiry lambda function -- Cloudwatch -- VPC Network ACL -- Setup -- Configuration -- Usage - block an IP address -- Request -- Response -- Automated defense lambda in action -- Summary -- Chapter 5: Automating Web Application Security Testing Using OWASP ZAP -- Installing OWASP ZAP -- Installing Docker runtime -- OWASP ZAP Docker container setup -- A specialized tool for working with Containers - Ansible Container -- Configuring ZAP Baseline scan -- Running a vulnerable application container; Running an OWASP ZAP Baseline scan -- Security testing against web applications and websites -- Running ZAP full scan against DVWS -- Testing web APIs -- Continuous scanning workflow using ZAP and Jenkins -- Setting up Jenkins -- Setting up the OWASP ZAP Jenkins plugin -- Some assembly required -- Triggering the build (ZAP scan) -- Playbook to do this with automation -- ZAP Docker and Jenkins -- Summary -- Chapter 6: Vulnerability Scanning with Nessus -- Introduction to Nessus -- Installing Nessus for vulnerability assessments -- Configuring Nessus for vulnerability scanning -- Executing scans against a network -- Basic network scanning -- Running a scan using AutoNessus -- Setting up AutoNessus -- Running scans using AutoNessus -- Listing current available scans and IDs -- Starting a specified scan using scan ID -- Storing results -- Installing the Nessus REST API Python client -- Downloading reports using the Nessus REST API -- Nessus configuration -- Summary -- Chapter 7: Security Hardening for Applications and Networks -- Security hardening with benchmarks such as CIS, STIGs, and NIST -- Operating system hardening for baseline using an Ansible playbook -- STIGs Ansible role for automated security hardening for Linux hosts -- Continuous security scans and reports for OpenSCAP using Ansible Tower -- CIS Benchmarks -- Ubuntu CIS Benchmarks (server level) -- AWS benchmarks (cloud provider level) -- Lynis - open source security auditing tool for Unix/Linux systems -- Lynis commands and advanced options -- Windows server audit using Ansible playbooks -- Windows security updates playbook -- Windows workstation and server audit -- Automating security audit checks for networking devices using Ansible -- Nmap scanning and NSE -- Nmap NSE scanning playbook -- AWS security audit using Scout2 -- Automation security audit checks for applications using Ansible; Source code analysis scanners -- Brakeman scanner - Rails security scanner -- Dependency-checking scanners -- OWASP Dependency-Check -- Running web application security scanners -- Nikto - web server scanner -- Framework-specific security scanners -- WordPress vulnerability scanner - WPScan -- Automated patching approaches using Ansible -- Rolling updates -- BlueGreen deployments -- BlueGreen deployment setup playbook -- BlueGreen deployment update playbook -- Summary -- Chapter 8: Continuous Security Scanning for Docker Containers -- Understanding continuous security concepts -- Automating vulnerability assessments of Docker containers using Ansible -- Docker Bench for Security -- Clair -- Scheduled scans using Ansible Tower for Docker security -- Anchore - open container compliance platform -- Anchore Engine service setup -- Anchore CLI scanner -- Scheduled scans using Ansible Tower for operating systems and kernel security -- Vuls - vulnerability scanner -- Vuls setup playbook -- Vuls scanning playbook -- Scheduled scans for file integrity checks, host-level monitoring using Ansible for various compliance initiatives -- osquery -- Summary -- Chapter 9: Automating Lab Setups for Forensics Collection and Malware Analysis -- Creating Ansible playbooks for labs for isolated environments -- Collecting file and domain malware identification and classification -- VirusTotal  API tool set up -- VirusTotal API scan for malware samples -- Setting up the Cuckoo Sandbox environment -- Setting up the Cuckoo host -- Setting up Cuckoo guest -- Submitting samples and reporting using Ansible playbook -- Setting up Cuckoo using Docker containers -- Setting up MISP and Threat Sharing -- Setting up MISP using Ansible playbook -- MISP web user interface -- Setting up Viper - binary management and analysis framework; Creating Ansible playbooks for collection and storage with secure backup of forensic artifacts -- Collecting log artifacts for incident response -- Secure backups for data collection -- Summary -- Chapter 10: Writing an Ansible Module for Security Testing -- Getting started with a hello world Ansible module -- Code -- Setting up the development environment -- Planning and what to keep in mind -- OWASP ZAP module -- Create ZAP using Docker -- Creating a vulnerable application -- Ansible module template -- Metadata -- Documenting the module -- Source code template -- OWASP ZAP Python API sample script -- Complete code listing -- Running the module -- Playbook for the module -- Adding an API key as an argument -- Adding scan type as an argument -- Using Ansible as a Python module -- Summary -- Chapter 11: Ansible Security Best Practices, References, and Further Reading -- Working with Ansible Vault -- How to use Ansible Vault with variables and files -- Ansible Vault single encrypted variable -- Ansible Vault usage in Ansible Tower -- Setting up and using Ansible Galaxy -- Using Ansible Galaxy roles -- Publishing our role to Ansible Galaxy -- Ansible Galaxy local setup -- Ansible controller machine security -- Explanation of Ansible OS hardening playbook -- Best practices and reference playbook projects -- DebOps - your Debian-based data center in a box -- Setting up the DebOps controller -- Algo - set up a personal IPSEC VPN in the cloud -- OpenStack-Ansible -- Additional references -- Streisand - automated installation and configuration of anti-censorship software -- Sovereign - maintain your own private cloud using Ansible playbooks -- AWX - open source version of Ansible Tower -- Coming soon to Ansible 2.5 -- Summary -- Index
N2  - Security automation is one of the most interesting skills to have nowadays. With over 750 automation modules, Ansible makes it easy for you to secure any part of your systemâ€"be it setting firewalls, providing authentication to users and groups, or setting custom security policies. It allows you to write automation procedures once and use
UR  - https://ebookcentral.proquest.com/lib/orpp/detail.action?docID=5188229
ER  -